As the coronavirus outbreak continues and safety concerns relating to travel and large group meetings increase globally, Coalfire ISO (“CFISO”) has been monitoring the effects of this crisis on both its customers and its employees. As a certification body, CFISO maintains accreditation with both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS). Both governing bodies have been proactive in their responses to this developing worldwide event and have issued guidance to certification bodies referenced below.
As a response to these notices, CFISO will be taking the following steps in accordance with IAF ID 3 effective immediately for all certified or applicant organizations with planned audits to be executed through May 31, 2020.
- At the discretion of either/both the appointed Lead Auditor or the organization under review by CFISO, the option to revise the walkthrough activities from an onsite assessment to a remote audit via the use of web-conferencing (incl. video, phone, screensharing) technologies is now permissible.
- For surveillance audits, certificate continuance deadlines will be extended to the end of the 2020 calendar year should both normal audit procedures and remote auditing options be rejected as communicated by the certified organization. If a continuance decision is still not awarded by CFISO as of December 31, 2020, suspension procedures in accordance with the binding certificate agreement between the certified organization and CFISO will be enforced.
- For recertification audits and when both normal or remote auditing procedures are not possible, certificates will be granted a one-time extension for a period of six months in accordance with ANAB Heads Up 448 when a legally-enforceable contract between CFISO and the certified organization is in place.
- For any audit program where onsite time is unable to be met in accordance with accreditation standards, such as ISO/IEC 27006 and IAF MD 5, during this period, CFISO may revise its multi-year audit program during subsequent reviews to account for additional onsite auditor time and physical site sampling requirements per IAF MD 1.
To participate in these revised audit procedures, we ask the certified or applicant organization to contact the appointed Lead Auditor for your engagement and provide written confirmation of the request for a remote audit via the use of technologies described above while citing justifications directly related to the coronavirus outbreak.
Please be aware that we have also extended these same allowances to our CFISO staff understanding that the coronavirus and its effects could have similar consequences for our employees. While an applicant or certified organization may choose to proceed with onsite audit activities, the audit team at the discretion of the appointed Lead Auditor will still retain the option to modify the audit plan and execute these activities remotely.
At the core of this bulletin, we want to communicate a message of safety and solidarity recognizing that there are still large amounts of information that is unknown pertaining to the extent of this global event. Our wish for all of our customers and staff is to alleviate concerns relating to certificate programs during this difficult time and to continue to anticipate the needs of our interested parties as we learn more.
If there are any questions with regards to the content of this communication, please contact your appointed Lead Auditor or myself at David.Forman@coalfire.com.